In force 1 January 2025 · Reviewed 6 May 2026
Privacy Policy
This page explains, in straight Q&A, what we record about you when you book a Boat Charter Dubrovnik, why we keep it, who we share it with, and how to ask us to forget you. We work under the EU General Data Protection Regulation (GDPR) and the Croatian Personal Data Protection Act. Bookings made through this site are taken under those rules — not Facebook’s, not Google’s.
If anything below is unclear, write to info@boatcharterdubrovnik.com with the subject line “Privacy” and we’ll respond inside 30 days.
Who is the controller?
The data controller is the operator behind Boat Charter Dubrovnik — Obrt Boat Charter Dubrovnik, vl. Marin Kovačević (OIB HR62847391005), trading from:
- Charter base: Marina Frapa, Lapadska obala 21a, 20000 Dubrovnik
- Registered office: Vukovarska 18, 20000 Dubrovnik
- Privacy contact: info@boatcharterdubrovnik.com
- WhatsApp: +385 99 380 4156
Across this page, “we” / “us” / “our” refers to that controller.
What data does Boat Charter Dubrovnik record about you?
Three categories, depending on how you reach us.
1 · Booking data. When you reserve a charter — self-drive, skippered, sunset, or luxury — we capture your full name, email, mobile / WhatsApp number, charter date and time, party size, route preferences, dietary or accessibility notes, and (where relevant) hotel or pickup neighbourhood. Card details for the deposit go straight to Stripe or PayPal — we never see the full PAN.
2 · Conversation data. Anything you write to us via the contact form, email, WhatsApp or Instagram DM is stored alongside your booking record so the next reply has context.
3 · Browsing data. Standard server log entries: IP address (truncated after 14 days), user-agent, pages visited, referral source, session cookies. We use Plausible Analytics for aggregate page-view counts — Plausible doesn’t set cookies and doesn’t fingerprint visitors.
If your booking arrives via a partner platform (GetYourGuide, Viator, TripAdvisor), the platform forwards the minimum data needed to fulfil the charter. Their privacy notices apply alongside ours.
Why do you process this data, and on what GDPR basis?
| What we do with it | GDPR Article 6 basis |
|---|---|
| Confirm and run your Boat Charter Dubrovnik | Performance of contract |
| Send the booking receipt and skipper-introduction email | Performance of contract |
| Take the deposit through Stripe / PayPal | Performance of contract |
| Reply to enquiries when you’re not yet a customer | Legitimate interest |
| Email you about a future season — only if you tick the box | Consent |
| Defend ourselves in a refund dispute or accident claim | Legal obligation + legitimate interest |
| File the VAT invoice with the Croatian Tax Administration | Legal obligation |
| Catch payment fraud and stop bot scraping | Legitimate interest |
The “consent” basis applies only to marketing emails — and you can revoke that with the unsubscribe link in any email or by replying “STOP”.
Cookies and trackers — the short version
We use session cookies to keep you logged into the booking form. That’s it on the strictly-necessary side.
We do not run Google Analytics, Facebook Pixel, Hotjar, or any third-party tracker. Aggregate visit counts come from Plausible, which is cookieless.
If you have a cookie-consent banner enabled in your browser, the only thing it’ll find on our site is the session cookie above. If you delete it, the booking form will simply ask you to log in again.
Who else sees your data?
We share with these categories of processor, and only as far as the job needs:
- Stripe and PayPal — to process the 25% deposit. They are independent controllers under their own privacy notices.
- GetYourGuide / Viator / TripAdvisor — only if your booking originated there.
- Mailgun (transactional email) — to deliver booking confirmations.
- Plausible Analytics — anonymised page-view counts.
- Croatia osiguranje — only in the event of an insurance claim from your charter.
- Croatian Tax Administration — for the legal VAT invoice retention period only.
We do not sell your data, swap it with marketing networks, or use it to target ads at you. No data leaves the European Economic Area unless EU Standard Contractual Clauses are in place with the receiving processor.
How long is my Boat Charter Dubrovnik record kept?
| Record type | Retention |
|---|---|
| Booking and Stripe payment record | 5 years (Croatian tax law) |
| Email / WhatsApp threads | 24 months from last message |
| Marketing-list membership | until you unsubscribe + 12 months for the audit trail |
| Plausible analytics | 26 months, aggregated |
| Server logs | 14 days raw, then anonymised |
After the retention window we either delete the record or strip it of identifiers.
What rights do you have under the GDPR?
Eight, all of them free to exercise:
- Access — a copy of what we hold on you
- Rectification — correction of anything wrong
- Erasure — deletion of your record (subject to the 5-year tax-record exception)
- Restriction — pause processing while a dispute is open
- Portability — your record exported in a machine-readable format (JSON)
- Objection — to processing based on legitimate interests, including profiling
- Withdrawal of consent — for marketing, anytime, with no effect on the legality of past sends
- Complaint — to the Croatian Personal Data Protection Agency (AZOP, azop.hr) or your home-country equivalent
Email info@boatcharterdubrovnik.com with subject “GDPR — [right name]”. We answer inside 30 days; if your case is unusually complex, we may extend by 60 days and tell you why.
What about under-16 charter guests?
Boat Charter Dubrovnik does not knowingly collect personal data from under-16s. Children on a charter ride under the booking record of the parent or guardian; that adult is the data subject. If you believe we hold any record of an under-16, write in and we’ll erase it.
How is the data secured?
- TLS 1.3 on every connection between your browser and our booking form
- PCI-DSS-certified payment infrastructure (Stripe / PayPal — we never touch the card itself)
- Role-based internal access; only Marin (and his peak-season senior captains) see booking PII
- Annual security review of the website and admin tooling
- 2FA on every internal admin account
No security control is absolute. If you suspect a breach involving your data, write to info@boatcharterdubrovnik.com and we’ll respond within 24 hours.
What if the policy changes?
This page lists an “In force” and “Reviewed” date at the top. When we materially change anything — a new processor, a longer retention window, a different legal basis — we update both dates and post a notice on the homepage for 30 days. If you’re on the marketing list, the change goes out by email too.
How do I get hold of the privacy team?
- Email: info@boatcharterdubrovnik.com
- Form: /contact/
- Postal: Marina Frapa, Lapadska obala 21a, 20000 Dubrovnik, Croatia
For broader questions about how we run, see About. For booking conditions and refund timing, see Terms and Cancellation. To reserve a Boat Charter Dubrovnik, use /booking/.